[lxc-users] container root unable to setcap in container
Michael Johnson
johnson at cognitech-ut.com
Fri Mar 9 10:09:05 UTC 2018
Hi All!

I have noticed that a container's root user is unable to modify the
capabilities of a root-owned file in the container.

For example:

    setcap cap_net_raw=ep /bin/ping

returns:

    Failed to set capabilities on file `ping' (Operation not permitted)

It is possible to set this capability as root from the host, operating
on the container's file.

Can someone please explain this behavior? What am I doing wrong? When is
root in the container not root in the container?

This is on Gentoo. Have I overlooked an obscure kernel config?

Thanks!